Permalink
Browse files

FR-GV-304 - check for option overflowing the packet

  • Loading branch information...
alandekok committed Jul 3, 2017
1 parent 21e2e95 commit 19a18bf7c8af649c9e9742fb6a046f6aff639866
Showing with 18 additions and 0 deletions.
  1. +18 −0 src/modules/proto_dhcp/dhcp.c
@@ -628,6 +628,24 @@ static int fr_dhcp_decode_suboption(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t c
DICT_ATTR const *da;
uint32_t attr;

/*
* Not enough room for the option header, it's a
* bad packet.
*/
if ((p + 2) > (data + len)) {
fr_pair_list_free(&head);
return -1;
}

/*
* Not enough room for the option header + data,
* it's a bad packet.
*/
if ((p + 2 + p[1]) > (data + len)) {
fr_pair_list_free(&head);
return -1;
}

/*
* The initial OID string looks like:
* <iana>.0

0 comments on commit 19a18bf

Please sign in to comment.